April 2019 Updated Blog:
Flexible licensing is one of the strong features that makes Dynamics 365 such a compelling CRM choice. For those users that need it, a Plan license allows full access to pretty much everything under the sun! An App license gives access to a particular function set such as Sales, Service, Project Service and Field Service. There is a third level of licensing, which we will discuss in this post, which is very interesting for organisations looking to give CRM access to the whole organisation.
Microsoft offer an incredibly low price, restricted license for Dynamics 365 called the Team Member License. At the time of writing the cost of a standard Team Member License is £6 per head, as opposed to the next license up which is currently £71.60 for an App license and the Plan 1 license weighing in at £86.70. Given the large price difference between the App and the Team Member license you may be forgiven for asking why not just give everyone in the organisation Team Licenses. There are some considerations and we will explain in this post what can and can’t be achieved with Team Member subscriptions.
Trust Based Licensing
The first thing to say is that the reason that Microsoft have positioned the Team Member License at such a low price point is to bring down the barriers to knowledge sharing among all employees within the organisation. Anyone with a Team Member license can now consume all information within Dynamics 365. The Team Member license has certain restrictions and boundaries that must be adhered to in order to stay within the right side of the licensing agreement.
The thing to bear in mind about these restrictions is that all Dynamics 365 licensing is currently trust-based. What this means is, Microsoft set out the rules and it is your duty as a Microsoft customer to follow them. With the licensing being trust-based there is technically nothing to stop you from assigning a Team Member License to a user and then giving them a security role that allows the user to perform almost any action within Dynamics 365. This would, of course, constitute a breach of the licensing trust and could get you into serious trouble. We felt that we should point this out because we have seen people getting confused around this area. A recent customer told us… “…I have given a user a Team Member License and they can still create Opportunities…” The reason was, of course, that the user had been given a security role that allowed them to create opportunities.
How do I keep within the rules?
This is achieved in Dynamics 365 by creating appropriate security roles for your Team members to match their job function but that also obey license restrictions for that particular license type. For example, a user with a Team Member license is not allowed to create Marketing Lists, but they can connect contacts to Marketing Lists thus creating Marketing List Members. So, a Team Member security role must have these options set appropriately. Frustratingly, there isn’t yet an out of the box Team Member Security Role that can be used as a template so the responsibility for creating the security role falls to the system administrator.
What can the team member actually do then?
As Microsoft, famously, don’t make it easy to find out information and the Dynamics licensing guide (link below) is almost impenetrable for people who don’t have to deal with Dynamics 365 on a full time basis, we have gone into a little bit of the detail further below but as a quick summary guide, the Team Member Subscription with maximum allowable permissions turned on has full read access to everything in Dynamics. Full access to Contacts, meaning that they can create, view, update and delete Contacts. They also have the same full and complete access to up to 15 custom entities. For Example, if you (as a system administrator) created a custom entity called CLI to hold customer device information, the Team Member user can create, view, update and delete CLI’s. Although you probably wouldn’t want to allow your Team Members to delete records (this can be prevented within the security role). Team members used to have the same access to Accounts as for Contacts, but as of February 2019 this was changed, so that Team member users can no longer create Accounts.
There are also restrictions on certain out of the box functions and entities (explained below) but the most important thing to remember is that the Team Member can view ALL information in Dynamics 365, meaning that, although they cannot create or edit opportunities, due to licensing limitations, they can view them and view pipelines, charts and dashboards. It is Microsoft’s opinion that if you want your users to be able to perform specialist role based functions like creating and nurturing Leads, Opportunities or customer service Cases then you need to provide them with a suitable App based license.
Can I create my own custom Opportunity or Case entity?
Microsoft are strict around the area of replicating out of the box functionality. What this means is that you cannot just get around the restrictions by creating a custom entity called “Service Tickets” for example, and then tell Team Members to use that custom entity to replicate the full functionality of the out of the box Cases functionality. You are also not allowed to try to get around the restriction by creating automated flows or work-flows to create cases on behalf of a Team Member. In terms of customer service desk it is worth noting that the Team Member can curate your knowledge base by creating and publishing articles as well as creating and running reports.
From our perspective, the main areas of interest to customers regarding these restrictions appears to be around the creation of Leads, Opportunities and Cases (all are create, delete and edit-restricted). An interesting point to note is that Team Members can create and add activity items to any entity, such as Notes, Phone Calls and Tasks. So, if the user doesn’t need to create cases but just to log the occasional activity against a case then a Team Member License may be adequate for that user.
In summary, there is a large amount of questions and “grey” areas around Team Member subscriptions. We probably get more questions around this than anything else lately. To be fair, Microsoft have realised the confusion around the Team Member license and are are slowly clearing the fog and laying down more accurate guidelines for the use of this license type. We will update this blog post from time to time to reflect any changes , so it’s worth adding this to your favourites so you can always refer to it at a later date.
Guide to Team Member License Permissions
Below is a bulleted list of items that can be performed by a Team Member. The list comes from Microsoft’s licensing guide to Dynamics 365 and does not include granular detail on every aspect of the licensing permissions. The full list is comprehensive and we would always recommend that customers read the full licensing guide for further clarification (see link below for the pricing guide…the link to the licensing guide is on the pricing page)
Microsoft Dynamics 365 Licensing Guide
- Accounts (Read and Append)… An example of Append would be logging a phone call or other activity against the Account or creating a Contact against the Account.
- Contacts (Create , Read, Update, Delete …”CRUD”)
- Custom Entities (up to a maximum of 15 defined entities) (CRUD)
- Custom Entities (over the defined 15 – Read and Append)
- Associate a Marketing List with an Account or Contact
- Activities and Notes (CRUD)
- Adding or Removing Connections
- Post & follow activity feeds
- Use a queue item (Actions can be performed only against records corresponding to entities included in the use rights)
- Start dialog (Actions can be performed only against records corresponding to entities included in the use rights)
- Shared Calendar (Actions can be performed only against records corresponding to entities included in the use rights)
- View Announcements (legacy feature)
- Run as an on-demand process (Actions can be performed only against records corresponding to entities included in the use rights)
- Run an automated workflow (Actions can be performed only against records corresponding to entities included in the use rights)
- Use relationships and connections between records (Actions can be performed only against records corresponding to entities included in the use rights)
- Write custom entity records (Custom entities may require a higher CAL depending on the required access. Customizations can only be performed against entities included in the use rights)
- Personal views; Saved Views
- Search & Advanced find search
- Export data to Microsoft Excel
- Access to reports, charts and dashboards
- Perform mail merge
- Dynamics 365 Web, Mobile and Tablet applications
- Microsoft Dynamics 365 for iPad & Windows
- Microsoft Dynamics 365 App for Outlook
- Microsoft Dynamics 365 Web application
- Read All Dynamics 365 application data
- Portal or API access Only: Employee Self Service: Submit cases and update Cases user has submitted (as a support client/customer)
- Chat with support team (as chat client for self-service, requires 3rd party solution)
- Portal or API access Only/Non-Employees Only: Update Work Orders
- Portal or API access Only/ Non-Employees Only: Create & Update Opportunities
- Add or remove a Connection (stakeholder, sales team) for an Account or Contact
- Create and update announcements (legacy feature)
- Submit Time & Expense for Project Service Automation
- Update Project Tasks for Project Service Automation
- Update Own Resource Competencies for Project Service Automation
- Apply for Open Project Position for Project Service
- Project Finder Mobile Application
- Create, update, customize, and run Reports
- Interactive Service Hub
- Create, Publish, Configure Knowledgebase
- Dynamics 365 – Gamification Fan & Spectator
- Embedded PowerApps (Includes Flow)
- User Interface integration for Microsoft Dynamics 365
Note 1: At least one full user license is required in order to be able to add Team Licenses to the tenancy.
Note 2: Team Members can access any instance of Dynamics 365 as long as it is within the same tenancy. For Example, a sandbox or training instance is accessible to users with a Team Member Subscription.
If you have a question about security roles why not take advantage of our free 30 minute consultancy offer.
Rocket CRM are a leading Dynamics 365 practice based in the UK.